Cyber Incident Victim: Rainbow District School Board
Date:
Feb 2025
Location:
Canada
Summary
Rainbow District School Board experienced a cyber incident that disrupted its computer network, prompting precautionary shutdowns of all systems including email, online applications, and internet access. While schools remained operational with manual attendance processes, staff gradually regained internet access followed by restored student WiFi connectivity over subsequent days. Core functions like online attendance were reinstated in phases as cybersecurity experts assessed the impact. The board maintained communication via its unaffected website, initially reporting no evidence of compromised personal data but committing to updates if circumstances changed. Restoration efforts prioritized teaching continuity, with ongoing collaboration between the organization and third-party specialists to resolve the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 7, 2025, at 10 am, Rainbow District School Board announced system-wide technical difficulties affecting its computer network, prompting an immediate precautionary shutdown of all systems and applications across the Centre for Education and all schools in Sudbury, Espanola, and Manitoulin Island. This action disabled access to email, voicemail, Google Drive, social media, and other daily operational applications, though physical schools remained open with adjusted lesson plans. Parents were instructed to report absences via phone calls or in-person visits since digital communication channels were unavailable, while students could periodically check personal cell phones for emergency contact. By 2:30 pm that same day, the board confirmed the disruption resulted from a cyber incident, initiating collaboration with cybersecurity experts to assess its origin, cause, and impact while maintaining that no personal data compromise had been detected initially. Network restoration efforts prioritized core operational functions, though internet access remained fully disabled at all locations, forcing manual attendance tracking and limiting administrative workflows.
Progress emerged on February 13 when staff regained internet access at schools and the Centre for Education, enabling online attendance systems and partial restoration of teaching applications, though student Wi-Fi remained disabled. Manual attendance records from preceding days were scheduled for entry into the student information system once connectivity stabilized. By February 14, student internet service resumed via Wi-Fi for both board-owned and classroom-approved personal devices, marking a significant recovery milestone while cybersecurity experts continued impact assessments. Throughout the seven-day disruption, the board maintained physical school operations, emphasizing adaptability among staff and students, while consistently directing stakeholders to its unaffected website for updates. Restoration occurred incrementally—staff applications were phased in after core functions, with no confirmed data breaches disclosed publicly during the incident timeline. The board acknowledged third-party expert involvement from the initial response through restoration but did not specify technical details regarding attack vectors or compromised systems beyond confirming the cyber incident’s role in the network disruption.